Cybersecurity


Crypto collapse

CFTC commissioner stresses ‘urgency’ in call for heightened crypto oversight

2022-12-01T19:42:00+00:00

Christy Goldsmith Romero, a commissioner at the Commodity Futures Trading Commission, is lobbying the regulator to use its existing authority to conduct “heightened supervision” over derivative exchanges to create more oversight in crypto markets.

Meta building

Meta fined $274M under GDPR for data scraping breach

2022-11-28T20:32:00+00:00

Meta Platforms Ireland was fined €265 million (U.S. $274 million) for failing to put in place adequate measures to protect users’ data after a leak compromised the personal details of more than half a billion individuals.

Discord

Discord fined $830K for GDPR lapses

2022-11-18T17:05:00+00:00

Discord, a popular communication service primarily utilized by the video game community, was assessed a fine of €800,000 (U.S. $829,000) by the French data protection authority for multiple violations of the General Data Protection Regulation related to safeguarding user data.

FTC

Cybersecurity staffing woes play part in FTC Safeguards Rule delays

2022-11-17T17:05:00+00:00

The Federal Trade Commission extended the deadline for compliance with certain changes to its Safeguards Rule announced last year, in part because of labor shortages in the cybersecurity market.

Australian Parliament

Australia privacy law proposal sets steep penalty mark for breaches

2022-11-14T19:27:00+00:00

The Australian government is weighing stringent new privacy reforms that would establish among the steepest penalty regimes in the world—up to AUD$50 million (U.S. $33.5 million)—for serious or repeated breaches.

SolarWinds

SolarWinds under SEC probe for handling of 2020 cyberattack

2022-11-04T18:43:00+00:00

SolarWinds revealed the Securities and Exchange Commission is examining cybersecurity disclosures and public statements the company and its executives made after its massive 2020 data breach caused by hackers backed by the Russian government.

Ransomware

FinCEN: U.S. banks paid $1.2B to ransomware criminals last year

2022-11-02T15:25:00+00:00

Banks reported paying a record $1.2 billion to ransomware criminals in 2021, the Financial Crimes Enforcement Network announced.

Chegg avoids fine in deal with FTC over cybersecurity lapses

2022-10-31T17:25:00+00:00

The Federal Trade Commission ordered education technology provider Chegg to fix problems and weaknesses with its cybersecurity program that led to the exposure of personal and financial data of 40 million customers and employees in four data breaches since 2017.

CPE Webcast: Need to know about D&O and cyber insurance coverage

2022-10-27T14:00:00+01:00 Provided by

Your company spends substantial sums to purchase directors and officers insurance and cyber insurance. But are you taking reasonable steps to make sure your company has the best protection available in a changing marketplace?

FTC seal

FTC places restrictions on CEO in Drizly enforcement proposal

2022-10-24T21:13:00+01:00

The Federal Trade Commission announced a tentative settlement with online alcohol delivery platform Drizly and its chief executive officer regarding a data breach affecting 2.5 million consumers and the alleged lax security that allowed it to happen.

Cybersecurity

ICO warns of ‘complacency’ in fining Interserve $5M under GDPR

2022-10-24T14:29:00+01:00

The U.K. Information Commissioner warned companies not to ignore “crucial measures” to prevent cyber incidents following his office’s decision to fine construction firm Interserve £4.4 million (U.S. $5 million) for failing to secure employee personal information.

Cybersecurity shield

Uber CSO ruling fallout: Individual liability extends to data breach response

2022-10-20T15:07:00+01:00

The case of the Uber chief security officer found guilty by a jury on two felonies for covering up a data breach and misleading federal regulators opens up another potential individual liability issue executives handling cyber incidents face, according to legal experts.

Data breach

EyeMed fined $4.5M over cybersecurity lapses that led to breach

2022-10-19T14:53:00+01:00

EyeMed Vision Care agreed to pay $4.5 million as part of a settlement with the New York State Department of Financial Services for cybersecurity control failures that helped enable a 2020 data breach.

SHEIN

Fashion retailer Zoetop to pay $1.9M over data breach response

2022-10-17T17:37:00+01:00

Zoetop, parent company to online clothing retailers SHEIN and ROMWE, agreed to pay $1.9 million as part of a settlement with the New York Attorney General’s Office for failing to properly protect customer information compromised during a 2018 data breach.

Cyber risk management lessons from Optus data breach

2022-10-11T19:05:00+01:00

The Optus data breach should serve as a reminder for all organizations that cybersecurity incidents are serious business risks that are costly to make right.

SEC

SEC to reopen comment on climate-related disclosure rule, data breach reporting after glitch

2022-10-07T20:48:00+01:00

The Securities and Exchange Commission will reopen comment periods on 11 rulemaking releases put forward over the past year, including proposals regarding climate-related disclosures and reporting cybersecurity breaches, because of a glitch in its online comment system.

Optus

Optus data breach fallout shows widespread impact of cybercrime

2022-10-07T18:17:00+01:00

Optus isn’t alone in trying to calm public nerves and find out what happened to cause a breach that exposed the records of 9.8 million current and former customers. Australian government agencies are also attempting to fight fires and reassure citizens their personal info is safe.

Uber building

Ex-Uber security chief found guilty of obstructing FTC data breach probe

2022-10-06T20:03:00+01:00

Joseph Sullivan, the former chief security officer of Uber Technologies, was found guilty of two felonies connected to allegations he covered up a massive data breach at the ridesharing company and misled federal regulators about Uber’s response.

Computer hacked

NetWalker hacker imprisoned 20 years for ransomware attacks

2022-10-06T00:09:00+01:00

Sebastien Vachon-Desjardins, a former Canadian government employee who played a part in widespread NetWalker ransomware attacks, was sentenced to 20 years in prison and ordered to forfeit the $21.5 million U.S. investigators said he received from his victims.

Samsung

Samsung facing class action alleging CCPA violations over data breaches

2022-10-03T21:09:00+01:00

Samsung collected too much personal data from customers and failed to adequately secure it, leading to two data breaches this year and potentially millions of harmed individuals, a class-action lawsuit alleges.

Europe technology

Experts: EU Cyber Resilience Act puts pressure on tech developers, users

2022-09-30T14:28:00+01:00

The EU’s proposed Cyber Resilience Act primarily puts pressure on tech manufacturers to ensure the cybersecurity of their products, but companies also have a duty of care to use the most secure products available.

Morgan Stanley

Morgan Stanley unit fined $35M for mishandling customer data

2022-09-20T18:40:00+01:00

Morgan Stanley Smith Barney agreed to pay $35 million to settle Securities and Exchange Commission charges it repeatedly disregarded the safeguarding of clients’ personal data in decommissioning local storage devices.

Iran flag

U.S. sanctions Iran intelligence ministry over Albania cyberattack

2022-09-09T20:39:00+01:00

Iran’s minister of intelligence and its Ministry of Intelligence and Security were sanctioned by the Treasury Department’s Office of Foreign Assets Control for malicious cyber activities that threaten the national security of the United States and its allies.

Samsung

Details murky in Samsung’s second data breach this year

2022-09-06T21:49:00+01:00

Samsung revealed a hacker accessed the personal data of an unspecified number of its U.S.-based customers, even after improving its cybersecurity systems following a previous breach earlier this year.

Cyber locks

U.S., Israel finalize deal on cybersecurity cooperation

2022-08-26T19:59:00+01:00

The United States and Israel have finalized an agreement to work together to protect the financial sector from cybersecurity attacks, the U.S. Treasury Department announced.

Robinhood

Judge OKs Robinhood $20M data breach settlement

2022-08-25T19:01:00+01:00

Online stock trading platform and broker-dealer Robinhood Financial moved closer to paying $20 million as part of a class-action settlement with thousands of customers whose accounts were allegedly accessed by unauthorized users.

Coinbase

Lawsuit: Lax Coinbase cybersecurity led to theft of customers’ crypto

2022-08-24T22:36:00+01:00

Coinbase is the subject of a class-action lawsuit alleging cybersecurity failures at the cryptocurrency exchange are to blame for customer accounts losing thousands of dollars in crypto, with the company not doing enough to prevent further thefts.

Twitter HQ

Twitter whistleblower says poor cybersecurity invites breaches, manipulation

2022-08-23T22:13:00+01:00

Peiter Zatko, a former cybersecurity executive at Twitter, has blown the whistle on his observations of systemic data security lapses at the company, undercounting of fake accounts, and how the social media platform could be manipulated by foreign intelligence services.

SEC

Cybersecurity, beneficial ownership lessons found in SEC fraud case

2022-08-16T17:00:00+01:00

Charges levied by the Securities and Exchange Commission regarding an international scheme in which hackers accessed online brokerage accounts to manipulate stock prices impart cybersecurity and beneficial ownership lessons for compliance professionals.

FTC seal

FTC seeks to expand authority on data breaches, commercial surveillance

2022-08-12T16:46:00+01:00

The Federal Trade Commission is seeking comment on potential rules that would penalize companies that suffer data breaches due to lax cybersecurity protocols and punish firms that engage in abusive commercial surveillance practices.

Health records

Proposed NIST cybersecurity guide incorporates HIPAA Security Rule

2022-08-04T14:56:00+01:00

The National Institute of Standards and Technology is seeking comment on proposed guidance intended to help healthcare organizations that fall under the regulatory umbrella of the Health Insurance Portability and Accountability Act’s Security Rule.

Ransomware Attack: A scenario-based immersive learning

2022-08-03T19:27:00+01:00

Take this self-directed, interactive immersive study of a fictional cyber event based on real-life scenarios to deepen your understanding of the importance of crisis management planning and put you in the shoes of a compliance leader during a ransomware attack.

Robinhood crypto

Robinhood Crypto fined $30M for AML, cybersecurity failures

2022-08-02T18:27:00+01:00

Robinhood Crypto agreed to pay a $30 million fine to the New York State Department of Financial Services for “significant failures” in its Bank Secrecy Act/anti-money laundering and cybersecurity compliance programs.

Cyber-security

IBM report: Data breach costs up, contributing to inflation

2022-07-28T20:48:00+01:00

The global average cost to mitigate cybersecurity issues resulting from a data breach increased to an all-time high of $4.35 million and could be contributing to current inflation trends, according to the latest annual report from IBM.

Wawa

Wawa to pay states $8M for data security failures in 2019 breach

2022-07-27T16:00:00+01:00

East Coast convenience store chain Wawa agreed to pay $8 million in a settlement with a coalition of seven attorneys general over its 2019 data breach that exposed the debit and credit card information of approximately 34 million payment cards.

Uber

Uber admits 2016 data breach cover-up in deal with DOJ

2022-07-25T19:08:00+01:00

Ridesharing company Uber reached a nonprosecution agreement with the Department of Justice to resolve a criminal investigation into its 2016 data breach and subsequent cover-up.

T-Mobile

T-Mobile to create $350M fund to settle 2021 data breach claims

2022-07-25T15:32:00+01:00

T-Mobile agreed to create a $350 million fund and spend an additional $150 million on improving its data security to settle a class-action lawsuit related to a 2021 hack that exposed the personal information of more than 76 million customers.

Didi Global

Chinese regulator fines Didi $1.2B for data security violations

2022-07-22T16:38:00+01:00

The Cyberspace Administration of China levied fines of more than ¥8 billion (U.S. $1.2 billion) against ridesharing platform Didi Global and ¥1 million (U.S. $148,000) against two company executives for violating the country’s data security regulations.

Aerojet Rocketdyne

Aerojet Rocketdyne to pay $9M in cybersecurity whistleblower case

2022-07-11T19:38:00+01:00

Aerojet Rocketdyne has agreed to pay $9 million to resolve allegations raised by a whistleblower that the aerospace and defense manufacturer misled the federal government regarding its compliance with cybersecurity requirements in certain contracts.

Rising costs

Survey: Inflation, climate risk top audit partner economic concerns for 2022

2022-07-11T12:57:00+01:00

The economy, cybersecurity, climate change, and cryptocurrency are among top concerns for the year ahead expressed by U.S. public company audit partners as part of a new Center for Audit Quality survey.

Carnival Cruise

NYDFS penalizes Carnival $5M for cybersecurity failures

2022-06-27T16:18:00+01:00

The New York State Department of Financial Services announced a $5 million penalty against Carnival Corp. for “significant” cybersecurity failures, including not implementing basic protocols to prevent four separate data breaches from 2019-21.

Carnival

Carnival reaches $1.25M settlement over 2019 data breach

2022-06-23T19:33:00+01:00

Carnival Cruise Line reached a $1.25 million settlement with 46 attorneys general stemming from its 2019 data breach that involved the personal information of 180,000 Carnival employees and customers nationwide.

Five prevailing themes from TPRM Summit

2022-06-17T21:56:00+01:00

Editor In Chief Kyle Brasseur recaps popular points of discussion across Compliance Week’s two-day Third-Party Risk Management Summit held in Chicago.

Webcast: Importance of adopting a cybersecurity risk management framework

2022-06-16T14:00:00+01:00 Provided by

More and more commercial organizations are voluntarily adopting cybersecurity risk management frameworks like NIST CSF, COBIT, ISO, and others considering recent legislation, executive orders, and reporting requirements.

Cybersecurity offices

Survey: Cyber threats, remote work, financial pressures key ABC concerns for 2022

2022-06-15T19:06:00+01:00

Compliance programs globally expect to shoulder more responsibilities in 2022, according to Kroll’s latest Anti-Bribery and Corruption Benchmarking Report.

SEC commissioners address CCO liability, crypto regulation, more at CW2022

2022-05-17T17:15:00+01:00

Two SEC commissioners from opposite sides of the political aisle took slightly different positions on how to assess the liability of poorly performing chief compliance officers as part of the Day 2 opening keynote at Compliance Week’s National Conference.

Dec. 15 | Continuous compliance monitoring in cyber risk management

2022-05-07T20:07:00+01:00 Provided by

The concept of continuous compliance monitoring in the cyber risk management world has been around for more than two decades, yet most organizations are either ignoring or struggling to put an effective and affordable plan into place.

Crypto

SEC to increase staffing around crypto asset-related investigations

2022-05-03T15:05:00+01:00

The Securities and Exchange Commission announced plans to nearly double the number of employees assigned to its Cyber Unit, which has had its name changed to emphasize the agency’s pursuit of crypto asset-related investigations.

CPE Webcast: Cybersecurity and third-party risk: Third-party threat hunting

2022-05-03T14:00:00+01:00 Provided by

Learn how to build a third-party risk management program with cybersecurity risk at the forefront.

CPE Webcast: The dangers of hidden email data

2022-04-25T14:00:00+01:00 Provided by

Where is your unstructured data lurking? With a record number of cyberattacks and the introduction of robust privacy laws like the GDPR and CPRA, it’s time to discover your data.